Bug#1057873: systemd-boot: allow user postinstall script to be able to sign the bootloader

Luca Boccassi bluca at debian.org
Sun Jan 12 15:31:20 GMT 2025


Control: tags -1 wontfix
Control: close -1

On Sun, 26 May 2024 18:15:12 +0100 Luca Boccassi <bluca at debian.org>
wrote:
> Control: tags -1 help
> 
> On Sat, 09 Dec 2023 23:53:17 +0100 Matteo Settenvini
> <matteo.settenvini at montecristosoftware.eu> wrote:
> > Package: systemd-boot
> > Version: 255-1
> > Severity: important
> > 
> > Dear Maintainer,
> > 
> > as per https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033725 and
> > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=996202, there seems to be no
> > willingness to sign esp/EFI/systemd/systemd-bootx64.efi and
> > esp/EFI/BOOT/BOOTX64.EFI with the Debian CA.
> > 
> >   Sidenote: (Maybe this decision should be revisited? We are a couple of years
> >   later and systemd-boot is the only proper Linux bootloader able to do
> >   measured boot).
> 
> This is in progress and should hopefully happen for Trixie.

Signed amd64 and arm64 packages are now available in unstable:

https://ftp.debian.org/debian/pool/main/s/systemd-boot-efi-amd64-signed/
https://ftp.debian.org/debian/pool/main/s/systemd-boot-efi-arm64-signed/

Complex integration for self-signing is no longer needed. It is still
possible to do locally for those who want to, but we don't need to
carry functionality specifically for it in the package, hence closing
this.



More information about the Pkg-systemd-maintainers mailing list